back to article Researcher releases unofficial IE fix for URI bug

A security researcher has beaten Microsoft to the punch with the release of an unofficial patch for an Internet Explorer 7 bug. The unofficial update targets a Universal Resource Identifier (URI) vulnerability that Microsoft acknowledged last week, after months of maintaining that the flaw stemmed from the security shortcomings …

COMMENTS

This topic is closed for new posts.
  1. Alan Donaly
    Black Helicopters

    I just noticed something

    Nothing to do with this story i don't guess but when I ran my mouse over the ms ad the title read "gratuitous monkey skull" which is the alt/title from my own sites bottom graphic and I haven't gone there this session fire fox maybe needs some work or perhaps it's a feature.

  2. Anonymous Coward
    Stop

    I noticed something even more interesting...

    The source code for this patch reveals it to have what as far as I can tell is a serious and very likely exploitable heap buffer overflow. I'll be posting a longer analysis later when I've had a chance to polish it up, but the underlying bug, in case anyone wants to take a look for themselves is in an algorithmic error: the author repeatedly tries to convert the count of WCHARs in a string into a size in bytes by dividing by the size of a WCHAR instead of multiplying it, which produces a result that is only a quarter of what it should be. Check the way cbPrefix is miscalculated and then used later to size a heap buffer that is LocalAlloc'd and, I'm fairly sure, the reassembled url gets written right over the end of this buffer and into trailing heap space.

  3. Dave
    Alert

    wow! AC - icon choice ;-)

    Your post is surely a 'may contain highly-techinical content that leads to 95% of readership head explosions'

    Notwithstanding, please do your further analysis and post findings soonest

    I do not often tout/support M$, or their ivory tower lofty opinions and self-opinions, but flaw-finding in unofficial patches is:

    a) worthy and to be respected, even though it

    b) supports M$ 'party line' against installation of sauch patches

  4. Chris Clawson

    Vista?

    What's the take on Vista? That part of the story seems to have been cut off.

  5. Morely Dotes
    Coat

    What about Schmidt? Er, I mean, Vista?

    "Redmond's planned patch, whose release date remains unclear, is targeted at Windows Server 2003 and Windows XP with Internet Explorer 7 installed. Vista "

    What about Vista? Perhaps the rest of the sentence would go something along the lines of, "Vista is not so much an Operating System, as a chocolate teapot, and since it can't be reasonably expected to do anything useful, may safely be ignored when applying Operating System patches."

  6. Anonymous Coward
    Gates Horns

    IE 7 ?? PAH !!!!

    I cant even install the LAST security update; every time I have done so, my PC wont start on reboot and I have to revert to "Last Known Good Configuration".

    Lucky I use Firefox for everything except Windows Update which, despite M$ claims to the contrary WONT work with anything other than IE

This topic is closed for new posts.